﻿<%@ Page Title="" Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage<dynamic>" %>

<asp:Content ID="Content1" ContentPlaceHolderID="TitleContent" runat="server">
	HiddenForm
</asp:Content>

<asp:Content ID="Content3" ContentPlaceHolderID="HeaderContent" runat="server">
	Hidden Field Attack
</asp:Content>

<asp:Content ID="Content4" ContentPlaceHolderID="NavContent" runat="server">
<ul class="sf-menu nav">
	<li id="pre"><a href="#">What need to know</a></li>
	<li id="teach"><a href="#">About the Attack</a></li>
	<li id="lab"><a href="#">Lab</a></li>
	<li id="hint"><a href="#">Hints</a></li>
</ul>
</asp:Content>


<asp:Content ID="Content2" ContentPlaceHolderID="MainContent" runat="server">

    <div id="preContent" class="initial">
        <h2>In order to learn this topic, you need to know:</h2>
        <p><a href="http://www.w3schools.com/html/html_forms.asp">HTML Form</a></p>
    </div>
    <div id="teachContent">
        <h3>About Hidden Field Attack</h3>
        <p>Handy for developers to store value that keep from ordinary users.</p>
    </div>
    <div id="hintContent" class="initial" style="color:Red">
        <p>
            View the source of page, find the hidden field and analyze how you can get benefit by changing the content.
        </p>
    </div>
    <div id="labContent" class="initial">
        <% using (Ajax.BeginForm("HiddenFormAttack", null, new AjaxOptions { UpdateTargetId = "labResultDiv", OnComplete = "" }, new { id = "hidden_form" }))
           { %>
        <div id="labContentDiv">
            <% Html.RenderPartial("HiddenFormControl"); %>
        </div>
        <div id="labResultDiv">
            <% Html.RenderPartial("HiddenFormResult"); %>
        </div>
        <% } %>
    </div>

    <script type="text/javascript">
        $("#money").click(function () {
            $("#hidden_html").show()
        });
    </script>

</asp:Content>
